AsidaraASIDARA

Privacy Notice

Last updated: 24 May 2026

This Privacy Notice explains how Asidara ("Asidara", "we", "us", "our") collects, uses, shares, and retains personal data when you visit our website or use our asset management service (the "Service"). If you have any questions, contact us through the support channel listed on our website.

1. Who we are

Asidara is the trading name of the legal entity operating this Service. Asidara is the data controller for personal data processed in connection with the Service, which means we decide why and how your personal data is processed.

2. Personal data we collect

  • Account data: name, email address, password (stored hashed), workspace role.
  • Profile data: full name, department, avatar URL, and other details you add.
  • Service content: asset records, categories, assignments, and maintenance records you create.
  • Support data: messages you send us and the contents of related correspondence.
  • Usage and device data: log data, IP address, browser type, operating system, pages viewed, timestamps, and similar telemetry.
  • Cookies and similar technologies: see "Cookies" below.

3. Why we use your personal data and our legal basis

  • Provide the Service (creating your account, hosting your data, enabling assignments and maintenance tracking) — performance of a contract with you.
  • Authentication and security (preventing fraud, abuse, and unauthorised access) — our legitimate interests and, where applicable, legal obligation.
  • Customer support — performance of a contract and our legitimate interests in resolving your issues.
  • Product improvement (debugging, analytics, usage trends) — our legitimate interests.
  • Service communications (transactional emails such as receipts, security alerts, account notices) — performance of a contract.
  • Marketing (where applicable) — consent, which you can withdraw at any time.
  • Legal compliance — compliance with legal obligations and establishing or defending legal claims.

4. How we share your personal data

We share personal data with the following categories of recipients:

  • Service providers / subprocessors: hosting, database, email delivery, analytics, error monitoring, and customer support tooling — bound by written agreements that restrict their use of personal data.
  • Merchant of Record (Paddle): Paddle.com Market Ltd. acts as our reseller and Merchant of Record for paid plans. Paddle processes payment, billing, tax, invoicing, refund, and subscription-management data on our behalf and as a separate controller for those activities. See Paddle's Buyer Terms at paddle.com/legal/checkout-buyer-terms.
  • Professional advisers: legal, accounting, and audit professionals, under duties of confidentiality.
  • Authorities and other parties: where required by law, court order, or to protect our rights, users, or the public.
  • Successors in interest: in connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.

We do not sell personal data.

5. International transfers

Personal data may be processed outside the country where you live, including outside the UK/EEA. Where we transfer personal data from the UK/EEA to a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK addendum where relevant), or other lawful transfer mechanisms.

6. Data retention

We keep personal data only for as long as needed for the purposes set out above. Account and workspace data is retained while your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce agreements. After that period, we delete or anonymise it. Backups are deleted on a rolling cycle.

7. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), encrypted storage, role-based access controls, row-level security policies in our database, audit logging, and regular review of access. No system is perfectly secure; we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you and obtain a copy.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data.
  • Restrict or object to certain processing activities.
  • Receive your data in a portable format and have it transmitted to another controller.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local data protection supervisory authority (UK/EEA residents — for example, the UK ICO).

To exercise these rights, contact us using the support channel on our website. We will respond within the period required by applicable law (in the UK/EEA, typically within one month).

9. Cookies

We use the following categories of cookies and similar technologies:

  • Essential: required for the Service to function (authentication session, security, load balancing). These cannot be disabled.
  • Analytics: help us understand how the Service is used so we can improve it.
  • Marketing: only set where you have given consent.

You can manage non-essential cookies through your browser settings or any in-product cookie controls we provide.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

11. Changes to this notice

We may update this Privacy Notice from time to time. We will post the updated version on this page and update the "Last updated" date.

12. Contact

If you have questions about this Privacy Notice or our processing of your personal data, contact Asidara through the support channel listed on our website.